48 Changes in MySQL Community Server 5.0.51a (2008-01-11)

This is a bugfix release for the current MySQL Community Server
production release family. It replaces MySQL 5.0.51.

Bugs Fixed

Security Fix:
Three vulnerabilities in yaSSL versions 1.7.5 and earlier were
discovered that could lead to a server crash or execution of
unauthorized code. The exploit requires a server with yaSSL
enabled and TCP/IP connections enabled, but does not require
valid MySQL account credentials. The exploit does not apply to
OpenSSL.

Warning

The proof-of-concept exploit is freely available on the
Internet. Everyone with a vulnerable MySQL configuration is
advised to upgrade immediately.

(Bug #33814, CVE-2008-0226, CVE-2008-0227)

Security Fix:ALTER VIEW retained the original
DEFINER value, even when altered by another
user, which could enable that user to gain the access rights of
the view. Now ALTER VIEW is
permitted only to the original definer or users with the
SUPER privilege.
(Bug #29908)

Security Fix:
When using a FEDERATED table, the local
server could be forced to crash if the remote server returned a
result with fewer columns than expected.
(Bug #29801)

When running the MySQL Instance Configuration Wizard, a race
condition could exist that failed to connect to a newly
configured instance. This was because mysqld
had not completed the startup process before the next stage of
the installation process.
(Bug #28628)

For Vista installs, MySQLInstanceConfig.exe
did not add the default MySQL port to the firewall exceptions.
It now provides a check box that enables the user a choice of
whether to do this.
(Bug #24853)

For Windows Vista, MySQLInstanceConfig.exe
did not include a proper manifest enabling it to run with
administrative privileges.
(Bug #22563)